CURELAN TECHNOLOGY Co., LTD: Flowviewer FM-800A (www.CureLan.com)


FM-800A Main Functions
- NetFlow or sFlow report functions (including the P2P report).
- Worm scan and P2P block functions: the FM-800A can automatically write the ACL to the core switch, or scan, detect and block worm IPs directly by itself.
- Traffic quota function (IPv4 and IPv6) and traffic monitor search.

FM-800A Main Functions (continued)
- Automatically detects and reports UDP flood and DoS relay attacks.
- Automatically detects and reports SSH and RDP password-scan attempts.
- Supports IPv6.
- In inline mode the Flowviewer device has both hardware and software bypass.

Hacking Methods
1. SSH route
2. RDP route
3. Microsoft bugs, C++ bugs, Java bugs, etc. (This type of attack is unpreventable; you can only wait for an update that removes the bug.)

Defense Methods
If a hacker uses the third way to slip a virus onto your computer and it disables the intranet, how can you defend yourself against the resulting attacks?
1. UDP flood attacks
2. DoS relay attacks
The FM-800A supports automatic blocking of UDP flood attacks and DoS relay attacks.

IPS Product Weak Points
Flowviewer focuses on and covers the weak point of IPS products: preventing an unknown worm attack, one whose pattern has not yet been recognized. Example: the Panda Burning Joss Sticks virus was popular in ... and infected many computers, disabling a large number of intranets around the world. (IPS: Intrusion Prevention System)

IPS Weak Points (continued)
Whenever an infected PC is turned on, the worm is able to attack. The worm can also spread to other PCs and open a large number of sessions (flows), enough to disable the intranet. If your PC contains a worm, why can't your antivirus software dispose of it?
- First, worms and viruses have different patterns: a worm tends to generate large numbers of sessions.
- Second, some worm mutations appear too quickly to be found, and others can even shut down the antivirus software.
That is why antivirus software cannot deal with worms.

IPS Weak Points (intranet to intranet)
Most IPS products and software can defend against attacks from "internet to intranet" and from "intranet to internet". However, they cannot protect against "intranet to intranet" attacks. In the "intranet to intranet" situation the hacker has a high chance of gaining administrative privilege and control over the server and the admin root. The chance is high because users bring in Wi-Fi devices, USB sticks, etc. These are the problems with IPS and antivirus software.

[Deployment diagram] Flowviewer FM-800A deployed between the Internet and the campus network: Internet, DMZ (mail server, DNS/web server), core switch, workgroup switches; the FM-800A attaches in inline mode or SPAN mode. Endpoint labels: anti-virus S/W, end-to-end S/W, IPS/IDS/UTM, Wi-Fi AP, USB, smartphone, "got a virus". Caption: Using a three-layer structure to solve the problem of attack and protect permission.

Comparison Chart between Flowviewer, IPS and Spyware

| Type | Flowviewer | IPS | Spyware |
| --- | --- | --- | --- |
| Installation type | In-line / listen | In-line | Each PC |
| Default type | NBAD (Network Behavior Abnormal Detection) | Pattern | |
| When the intranet is being attacked | Uses NBAD to automatically find and block the attack by writing an ACL to the core switch or to the FM-800A itself | Only focuses on "intranet to internet"; cannot find an attack coming from inside the intranet | Can only work by pattern; if patterns update too fast or the worm is unknown, it is useless |
| Flow, IP, port traffic quota search and report | Internet -> Intranet, Intranet -> Internet, Intranet -> Intranet | Only focuses on "Inter to Intra" and sometimes "Intra to Inter" | X |

Comparison Chart between FM-800A, IPS and Spyware (continued)

| Type | Flowviewer | IPS | Spyware |
| --- | --- | --- | --- |
| IP/port search at any time | Can search by time on source IP, destination IP, protocol, source IP, destination port and flow direction | X | X |
| P2P types | 14 types covering 24 programs (even if those programs update, they can still be found and blocked) | Uses patterns for defense; if the P2P programs update, the IPs cannot be blocked successfully | X |
| Processing speed | 6 seconds (30 Mbps ~ 3 Gbps) | > 20 minutes (30 Mbps) | X |

Product introduction: major functions
- Quota management function and current traffic monitor.
- Peer-to-peer (P2P) filter.
- P2P report.
- NetFlow or sFlow traffic report.
- Worm detection (NBAD).
- Automatic blocking of infected IPs at the L3 switch by ACL (for Cisco, Foundry, Alcatel, Extreme), or automatic blocking by the Flowviewer itself.
- SSH password guess attacks report.
- RDP password guess attacks report.
- List of possible UDP flood attacks report.
- SSH password guess detection and blocking. Blocking method: block by Flowviewer.
- RDP password guess detection and blocking. Blocking method: block by Flowviewer.
- UDP flood detection and blocking. Blocking method: apply an ACL command to the core switch.

Introduction of traffic quota control
On a campus, this function can be used to control network traffic in the dormitories. For a government agency or an enterprise, the function can limit network traffic according to a user's position, so that the people who really need bandwidth get more of it. When a user exceeds their quota, the quota manager can: (1) block the user's IP address, or (2) rate-limit the user's bandwidth. Note: bandwidth limiting and IP blocking can be in effect at the same time. Simply adding bandwidth does not solve network traffic problems.

Traffic Monitor function introduction
Traffic Monitor shows current traffic, including total up/down/bidirectional traffic, current up/down/bidirectional speed and peak up/down/bidirectional speed.
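The quota-management and traffic-monitor functions described on the two slides above can be illustrated with a small flow-processing routine. The code below is an added example written for this page, not Curelan's software: it consumes flow records, keeps per-host total, current-window and peak-window traffic per direction, and decides whether a host that has passed its quota is blocked or rate-limited. The intranet prefix, the 60-second measurement window, the 5 MB quota and the flow records themselves are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed intranet address range, measurement window and quota (all constructed).
INTERNAL_PREFIX = "10.0."
INTERVAL = 60                 # speed is measured per 60-second window
QUOTA_BYTES = 5_000_000       # per-host quota: 5 MB up + down

@dataclass
class Flow:
    ts: int        # export time, epoch seconds
    src: str
    dst: str
    nbytes: int

def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)

def _zero():
    return {"up": 0, "down": 0, "bi": 0}

class TrafficMonitor:
    """Per-host totals, current-window bytes and peak-window bytes, per direction."""

    def __init__(self, interval: int = INTERVAL):
        self.interval = interval
        self.total = defaultdict(_zero)    # bytes since start
        self.window = defaultdict(_zero)   # bytes in the still-open window
        self.peak = defaultdict(_zero)     # largest closed-window byte count
        self.window_start = None

    def _roll(self, ts: int) -> None:
        # Close every window that ended before ts: fold it into the peaks, then reset.
        if self.window_start is None:
            self.window_start = ts - ts % self.interval
        while ts >= self.window_start + self.interval:
            for host, w in self.window.items():
                for d in ("up", "down"):
                    self.peak[host][d] = max(self.peak[host][d], w[d])
                self.peak[host]["bi"] = max(self.peak[host]["bi"], w["up"] + w["down"])
            self.window.clear()
            self.window_start += self.interval

    def observe(self, f: Flow) -> None:
        # "up" is what an intranet host sends, "down" is what it receives.
        self._roll(f.ts)
        if is_internal(f.src):
            self.total[f.src]["up"] += f.nbytes
            self.window[f.src]["up"] += f.nbytes
        if is_internal(f.dst):
            self.total[f.dst]["down"] += f.nbytes
            self.window[f.dst]["down"] += f.nbytes

    def report(self, host: str) -> dict:
        t, w, p = self.total[host], self.window[host], self.peak[host]
        bps = lambda n: n * 8 / self.interval   # bytes per window -> bits per second
        cur_up, cur_down = bps(w["up"]), bps(w["down"])
        # The open window also counts towards the peak so the report is current.
        peak_up = bps(max(p["up"], w["up"]))
        peak_down = bps(max(p["down"], w["down"]))
        peak_bi = bps(max(p["bi"], w["up"] + w["down"]))
        return {"total_up": t["up"], "total_down": t["down"], "total_bi": t["up"] + t["down"],
                "cur_up_bps": cur_up, "cur_down_bps": cur_down, "cur_bi_bps": cur_up + cur_down,
                "peak_up_bps": peak_up, "peak_down_bps": peak_down, "peak_bi_bps": peak_bi}

class QuotaManager:
    """Turn a host's bidirectional total into an action: allow, rate_limit or block."""

    def __init__(self, quota_bytes: int, mode: str = "rate_limit", limit_kbps: int = 256):
        assert mode in ("rate_limit", "block")
        self.quota, self.mode, self.limit_kbps = quota_bytes, mode, limit_kbps

    def check(self, host: str, monitor: TrafficMonitor) -> dict:
        used = monitor.report(host)["total_bi"]
        if used <= self.quota:
            return {"host": host, "used": used, "action": "allow"}
        if self.mode == "block":
            return {"host": host, "used": used, "action": "block"}
        return {"host": host, "used": used, "action": "rate_limit", "limit_kbps": self.limit_kbps}

# Constructed flow records: one dorm host goes over quota, another stays under it.
SAMPLE_FLOWS = [
    Flow(1000, "10.0.5.20", "203.0.113.7", 3_000_000),   # 3 MB upload
    Flow(1010, "203.0.113.7", "10.0.5.20", 1_500_000),   # 1.5 MB download, same window
    Flow(1070, "203.0.113.9", "10.0.5.20", 2_000_000),   # next window: 2 MB more, now over 5 MB
    Flow(1075, "10.0.5.21", "203.0.113.7", 200_000),     # another host, well under quota
]

def run(flows=SAMPLE_FLOWS, mode: str = "rate_limit") -> dict:
    mon = TrafficMonitor()
    for f in flows:
        mon.observe(f)
    qm = QuotaManager(QUOTA_BYTES, mode)
    return {host: qm.check(host, mon) for host in sorted(mon.total)}

if __name__ == "__main__":
    for decision in run().values():
        print(decision)
```

With the constructed flows, 10.0.5.20 accumulates 6.5 MB across two windows and is rate-limited (or blocked, if the manager is created in block mode), while 10.0.5.21 stays under quota; the peak figures come from the closed first window (3 MB up) and the still-open second window (2 MB down).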

P2P function (inline mode)
The P2P filter function uses patterns to recognise P2P traffic, including BitTorrent, Apple Juice, PPS and instant messaging. Using peer-to-peer (P2P) software usually involves a tort: on a campus in particular, students use P2P to download illegal software, so administrators are constantly disturbed by investigation notices from the police. In government and enterprise, peer-to-peer software also reduces intranet efficiency.

P2P Report
Only the Flowviewer FM-200A/600A/800A have this feature. It reports the users who are running P2P software. Only the Flowviewer series has a P2P report function; other similar products only have a peer-to-peer (P2P) filter function. Some users keep using peer-to-peer software and simply disregard the fact that P2P downloads are not allowed. With the P2P report function, the administrator can find out who is using peer-to-peer (P2P) software.

NetFlow or sFlow traffic report
In particular, the Real-time Query function can track the history and the criminal record of any IP the administrator is interested in. Every department needs this function. Products equipped with it are usually extremely expensive; the Flowviewer series offers not only a better price but also better performance.

Real-time Query
Query result from May 22, :00 to May 22, :30 with source IP 140.xxx.xxx.5. (Next: Zoom In)

Zoom In: 321 flows result
Zoom-in result for the destination IP ( ).

Support IPv6


Hacker Attacks
Hacker attacks include worms, SSH password guess attacks, RDP password guess attacks, UDP flood attacks, DoS relay attacks, etc. Of these, the RDP password guess attack detection function is unique to Flowviewer. Curelan developed it after discovering that most hackers use this route to insert Trojan horses. What is the difference between Flowviewer and an IPS (Intrusion Prevention System)? An IPS needs updates to its virus codes (patterns), whereas Flowviewer uses Network Behavior Anomaly Detection (NBAD) and therefore does not require any updates.

Exclusive technology: RDP attacks
On 2012/6/4 the RDP attack detection function detected a hacker at ( ) (Src IP) trying to break into 140.XXX.101.4 (Dst IP). (The FM-200A does not include this function; the FM-600A has detection but no blocking; the FM-800A has both detection and blocking.) Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to another computer. Clients exist for most versions of Microsoft Windows (including Windows Mobile), Linux, Unix, Mac OS X, Android and other modern operating systems.

Spear phishing has no solution
Vulnerable targets for hackers include government agencies, private companies, educational institutes and military units. No defensive product in the world can protect against every attack; for example, a Trojan horse delivered by spear phishing or by a P2P download cannot be prevented. Fortunately, server equipment does not send or receive mail or run P2P downloads on its own, so any action of this kind comes from a personal computer. Most hackers break into one computer and then use the intranet to attack other IPs until they find the server IP that gives access to confidential data. That IP can also be used to relay attacks to other external botnets.

Hackers stealing confidential data from a file server: Flowviewer has a solution
Most intranet attacks go through the RDP route. The Flowviewer system can detect them and automatically send ACLs (access control list entries) to the core switch (layer 3) to stop the attack. As seen below in the List of Possible RDP Attacks report, entries 3, 5, 6 and 7 are the intranet attacks described; entries 3, 5, 6 and 7 may be spear phishing attacks originating inside the intranet.

SSH Password Guess Attacks Report
When hacker attacks go through the SSH route, the Flowviewer system can detect them and automatically send ACLs (access control list entries) to the core switch (layer 3) to stop the attack. See the List of Possible SSH Attacks report below.

Hackers' relay attacks
UDP flood attacks are currently the most efficient method of paralysing websites or specific IPs. As seen below, this host, whose internal IP is xxx.xxx.239, has been used as a relay to attack an external IP.

Flowviewer FM-800A can block automatically
The Flowviewer FM-800A can automatically stop SSH password guess attacks, RDP password guess attacks, UDP flood attacks and DoS relay attacks by sending ACLs (access control list entries) to the core switch (layer 3). As shown, the supported switch vendors include Cisco, Foundry, Alcatel and Extreme, etc.

Built-in standard features and the differences between models

| Flowviewer type | FM-200A | FM-600A | FM-800A |
| --- | --- | --- | --- |
| Peer-to-peer (P2P) filter | Yes | Yes | Yes |
| P2P report | Yes | Yes | Yes |
| Quota management function and current traffic monitor | Yes | Yes | Yes |
| NetFlow or sFlow traffic report | Yes | Yes | Yes |
| Worm detection (NBAD) | Yes | Yes | Yes |
| Automatic block of infected IPs at the L3 switch by ACL | Yes | Yes | Yes |
| SSH password guess attacks report | No | Yes | Yes |
| RDP attack report | No | Yes | Yes |
| Automatic block of SSH password guess attacks | No | No | Yes |
| Automatic block of RDP attacks | No | No | Yes |
| UDP flood attack detection report | No | Yes | Yes |
| Automatic block of UDP flood attacks | No | No | Yes |
| Public report (hyperlinks) | Yes | Yes | Yes |

Telecom Solutions
Most telecom companies provide an IDC (Internet Data Center), and the IDC service gives customer websites the ability to detect DDoS (Distributed Denial of Service) attacks. Detecting UDP flood attacks therefore becomes the most important function. The Flowviewer FM-800A can accurately identify the attacker's IP and send ACLs (access control list entries) to the core switch (layer 3) that cut off the UDP flood attack and keep the IDC customer's website or business application server from being paralysed.

UDP flood attacks: a real case
Below is a successful example of the Flowviewer FM-800A detecting an attack from an external IP (140.xxx.xxx.183) against a university in Taiwan. If a telecom company has a Flowviewer FM-800A, the device can protect its IDC clients from such hacker attacks.
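The slides from "Hacker Attacks" onward describe the same pipeline several times: NBAD over flow records flags SSH/RDP password guessing and UDP flood or DoS relay traffic, and an ACL is then pushed to the core switch. The code below is an added example of that pipeline written for this page; it is not Curelan's software, and the thresholds, the intranet address range, the flow records and the Cisco IOS extended-ACL syntax used for the deny entries are all assumptions. It flags many short flows from one source to one SSH/RDP service inside a time window, and a UDP packet rate between one source/destination pair above a limit, classifying the latter as a DoS relay when the source is an intranet host; one deny entry per offending source is then produced.

```python
from collections import defaultdict
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0."      # constructed intranet range
GUESS_PORTS = {22: "SSH", 3389: "RDP"}
GUESS_WINDOW = 300             # seconds (assumed threshold)
GUESS_THRESHOLD = 20           # short flows to one host:port within the window (assumed)
GUESS_MAX_BYTES = 4000         # a failed login is tiny; real sessions carry far more (assumed)
UDP_FLOOD_PPS = 50_000         # UDP packets per second between one src/dst pair (assumed)
ACL_NUMBER = 120               # assumed extended-ACL number on the core switch

@dataclass
class Flow:
    ts: int          # start second of the flow (epoch)
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    dport: int
    packets: int
    nbytes: int

def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)

def direction(src: str, dst: str) -> str:
    a = "intranet" if is_internal(src) else "internet"
    b = "intranet" if is_internal(dst) else "internet"
    return f"{a} to {b}"

def detect_password_guess(flows):
    """Many short TCP flows from one source to one SSH/RDP service within GUESS_WINDOW."""
    buckets = defaultdict(list)           # (src, dst, dport) -> flow start times
    for f in flows:
        if f.proto == "tcp" and f.dport in GUESS_PORTS and f.nbytes <= GUESS_MAX_BYTES:
            buckets[(f.src, f.dst, f.dport)].append(f.ts)
    alerts = []
    for (src, dst, port), times in sorted(buckets.items()):
        times.sort()
        lo = 0
        for hi in range(len(times)):      # sliding window over sorted start times
            while times[hi] - times[lo] > GUESS_WINDOW:
                lo += 1
            if hi - lo + 1 >= GUESS_THRESHOLD:
                alerts.append({"type": f"{GUESS_PORTS[port]} password guess", "src": src,
                               "dst": dst, "flows": len(times), "direction": direction(src, dst)})
                break
    return alerts

def detect_udp_flood(flows):
    """UDP packet rate per src/dst pair per second; an intranet source hitting an external
    destination is reported as a DoS relay, anything else as a UDP flood."""
    pps = defaultdict(int)                # (src, dst, second) -> packets, counted at flow start
    for f in flows:
        if f.proto == "udp":
            pps[(f.src, f.dst, f.ts)] += f.packets
    alerts, seen = [], set()
    for (src, dst, _sec), n in sorted(pps.items()):
        if n >= UDP_FLOOD_PPS and (src, dst) not in seen:
            seen.add((src, dst))
            kind = "DoS relay" if is_internal(src) and not is_internal(dst) else "UDP flood"
            alerts.append({"type": kind, "src": src, "dst": dst, "pps": n,
                           "direction": direction(src, dst)})
    return alerts

def build_acl(alerts):
    """One deny entry per offending source, in Cisco IOS extended-ACL syntax (assumed target)."""
    sources = sorted({a["src"] for a in alerts})
    return [f"access-list {ACL_NUMBER} deny ip host {src} any" for src in sources]

def make_sample_flows():
    """Constructed flow records mixing attack patterns with ordinary traffic."""
    flows = []
    # 25 short RDP flows in 100 s from one intranet PC to the file server: a password-guess pattern
    for i in range(25):
        flows.append(Flow(1000 + 4 * i, "10.0.7.33", "10.0.1.10", "tcp", 3389, 12, 1800))
    # three long RDP sessions from an admin workstation: large byte counts, so not counted
    for i in range(3):
        flows.append(Flow(1000 + 30 * i, "10.0.8.5", "10.0.1.10", "tcp", 3389, 4000, 3_200_000))
    # one external SSH login every 100 s: never 20 within the 300 s window, so no alert
    for i in range(25):
        flows.append(Flow(1000 + 100 * i, "198.51.100.4", "10.0.1.11", "tcp", 22, 15, 2200))
    # an infected intranet host pushing 60k UDP packets in one second at an external IP
    flows.append(Flow(1500, "10.0.9.40", "203.0.113.50", "udp", 80, 60_000, 3_600_000))
    # ordinary DNS traffic
    flows.append(Flow(1500, "10.0.9.41", "10.0.1.12", "udp", 53, 2, 180))
    return flows

def analyse(flows):
    alerts = detect_password_guess(flows) + detect_udp_flood(flows)
    return alerts, build_acl(alerts)

if __name__ == "__main__":
    found, acl = analyse(make_sample_flows())
    for a in found:
        print(a)
    for line in acl:
        print(line)
```

Two details carry the defensive value: the byte ceiling keeps genuine RDP sessions out of the password-guess count, and the sliding window means a slow trickle of external SSH logins is not flagged, so the ACL only ever names the intranet PC hammering the file server and the host relaying the UDP flood.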

Our reference sites
Important customer: National Center for High-Performance Computing
- Main service: Cross-Campus WLAN Roaming Mechanism.
- Our product, Flowviewer, uses the NetFlow traffic report feature to trace IPs controlled by a botnet and to notify the administrator in charge of the IP address.
Schools: National Chung Hsing University (NCHU); National Kaohsiung Marine University; National Pingtung University of Science & Technology; I-Shou University; National University of Tainan; National Taichung University; WuFeng University; Nanya Institute of Technology; Ling Tung University; National Taichung Nursing College.
Military: Chung Cheng Armed Preparatory School; National Defense University; R.O.C. Military Academy.
Government: Kaohsiung City Government; Taitung County Government; Financial Supervisory Commission, Financial Examination Bureau.
Other: Show Chwan Memorial Hospital; ega International Commercial Bank; Fist

Customers

Demo site for the Flowviewer FM-800A device. Account: guest, Password: 1234

Contact us
Office: 15F-1, No. 255, Jiuru 2nd Rd., Sanmin District, Kaohsiung City 807, Taiwan (R.O.C.)
TEL:
FAX:
Website: